Inline permissions on self-related m2m field
|Reported by:||Pantelis Petridis||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I have a model that relates to itself like this:
class Article(models.Model): ... related_articles = models.ManyToManyField('self', blank=True, null=True)
For presentation purposes I choose to display it as inline on the admin website:
class RelatedArticlesInline(admin.TabularInline): model = Article.related_articles.through fk_name = 'from_article' raw_id_fields = ('to_article',) class ArticleAdmin(admin.ModelAdmin): ... inlines = (RelatedArticlesInline,) admin.site.register(Article, ArticleAdmin)
The problem: Non-superuser staff accounts are not able to see the related articles inline, despite they have been assigned all Article permissions.
The reason: Obviously this is a permission bug in the inline. It appears the problem is lying in django.contrib.admin.options.InlineModelAdmin.has_change_permission(). In line 1556 (as of current master source) we do:
for field in opts.fields: if field.rel and field.rel.to != self.parent_model: opts = field.rel.to._meta break
Since both ForeignKey fields of the intermediate model point to the parent model (self-relation), the code fails to discover the appropriate permissions.
This is checked with Django 1.5.